Alerts

The passwordless login mechanism in CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability, allowing remote attackers with regular privileges to send a crafted...

The login mechanism via device authentication of CGFIDO from Changing Information Technology has an Authentication Bypass vulnerability. If a user visits a forged website, the agent program...

The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key vulnerability. By controlling the user ID parameter, remote attackers with regular privileges could access...

A flaw was found in the OpenShift build process, where the docker-build container is configured with a hostPath volume mount that maps the node's /var/lib/kubelet/config.json file into the...

The Hunk Companion WordPress plugin before 1.9.0 does not correctly authorize some REST API endpoints, allowing unauthenticated requests to install and activate arbitrary Hunk Companion WordPress...

A vulnerability was found in CodeAstro Online Food Ordering System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/all_users.php of the component All...

Protection Mechanism Failure in bootloader prior to SMR Oct-2024 Release 1 allows physical attackers to reset lockscreen failure count by hardware fault injection. User interaction is required for...

Missing Authorization vulnerability in DeluxeThemes Userpro.This issue affects Userpro: from n/a through 5.1.9.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in DeluxeThemes Userpro.This issue affects Userpro: from n/a through 5.1.9.

Path Traversal: '.../...//' vulnerability in Themewinter Eventin allows Path Traversal.This issue affects Eventin: from n/a through 4.0.7.